Social Engineering Networks - PowerPoint PPT Presentation

Slides: 20
Provided by: chap170
Learn more at: http://www.cs.fsu.edu

1
Social Engineering Networks
  • Reid Chapman
  • Ciaran Hannigan

2
What is Social Engineering?
  • Social Engineering is the art of manipulating
    people into performing actions or divulging
    confidential information.
  • This type of attack is non-technical and relies
    heavily on human interaction.

3
Social Engineering
  • Hackers use Social Engineering attacks to obtain
    information that will allow them to gain
    unauthorized access to a valued system and the
    information that resides on that system.

4
History of Social Engineering
  • The term Social Engineering was made popular by
    ex-computer criminal Kevin Mitnick.
  • Confessed to illegally accessing private networks
    and possession of forged documents.
  • Claimed to have used only Social Engineering
    techniques with no help from software programs.

5
Types of Attacks
  • Pretexting
  • On-Line Social Engineering
  • Reverse Social Engineering
  • Phone Social Engineering

6
Pretexting
  • The act of creating and using an invented
    situation in order to convince a target to
    release information or grant access to sensitive
    materials.
  • This type of attack is usually implemented over
    the phone and can be used to obtain customer
    information, phone records, banking records and
    is also used by private investigators.

7
Pretexting (cont.)
  • The hacker will disguise their identity in order
    to ask a series of questions intended to get the
    information they want from their target.
  • By asking these questions the victim will
    unknowingly provide the attacker with all the
    information the hacker needs to carry out their
    attack.

8
Online Social Engineering
  • This attack exploits the fact that many users use
    the same password for all their online accounts,
    such as their e-mail, banking, or Facebook
    accounts.
  • So once an attacker has access to one account,
    he/she has access to all of them.

9
Online (cont.)
  • Another common online attack is for a hacker to
    pretend to be a network admin and send out emails
    which request usernames and passwords. This
    attack is not as common or successful because
    people have become more conscious of this type of
    attack.

10
Reverse Social Engineering
  • Probably the least used of the attacks.
  • Requires extensive research and planning.
  • The key is to establish yourself in a position of
    authority and have your targets come to you.
  • This gives you a better chance of retrieving info.

11
Reverse Social Engineering
  • This form of attack can be divided into three
    stages.
  • Stage one - Sabotage: Cause a problem (crash the
    network).
  • Stage two - Advertise: Send out notice that you
    are the one to go to to solve the problem.
  • Stage three - Assist: Help the employees and get
    from them the info you came for.
  • When all is done you fix the problem, leave, and
    no one is the wiser because the problem is fixed
    and everyone is happy.

12
Phone Social Engineering
  • The most common practice of social engineering.
  • A hacker will call someone up and imitate a
    person of authority and slowly retrieve
    information from them.
  • Help desks are incredibly vulnerable to this type
    of attack.

13
Help Desks are Gold Mines
  • Their main purpose is to help, putting them at a
    disadvantage against an attacker.
  • People employed at a help desk are usually
    paid next to nothing, giving them little
    incentive to do anything but answer the questions
    and move on to the next phone call.
  • So how do you protect yourself?

14
Protecting Against These Attacks
  • As you know, these attacks can take two different
    approaches: physical and psychological.
  • The physical aspect: the workplace, over the
    phone, dumpster diving, and on-line.
  • The psychological aspect: persuasion,
    impersonation, ingratiation, conformity, and good
    ol' fashion friendliness.

15
How To Defend Against the Physical
  • Check and verify all personnel entering the
    establishment.
  • More important files should be locked up.
  • Shred all important papers before disposing.
  • Erase all magnetic media (hard drives, disks).
  • All machines on the network should be well
    protected by passwords.
  • Lock and store dumpsters in secure areas.

16
Security Policies and Training!!!
  • Corporations make the mistake of only protecting
    themselves from the physical aspect, leaving them
    almost helpless against the psychological attacks
    hackers commonly use.
  • Advantage: Alleviates the worker's responsibility
    to make a judgment call on the hacker's request.
  • Policy should address aspects of access control
    and password changes and protection.
  • Locks, IDs, and shredders are important and
    should be required for all employees.
  • Set it in stone: Violations should be well known
    and well enforced.

17
Security Policies and Training!!!
  • All employees should know how to keep
    confidential information safe.
  • All new employees should attend a security
    orientation.
  • All employees should attend an annual refresher
    course on these matters.
  • Also send emails to employees concerning this
    matter: how to spot an attacker, methods for
    preventing them from falling victim, and stories
    of current and landmark cases on Social
    Engineering.

18
Spotting an Attack
  • What to look for: refusal to give contact
    information, rushing, name-dropping,
    intimidation, small mistakes, and requesting
    protected information.
  • Put yourself in their shoes. Think like a
    hacker.

19
What to do for the Average Joe
  • DO NOT DISCLOSE ANY PERSONAL INFORMATION UNLESS
    PERSON AND/OR SITE IS TRUSTED.
  • Don't fall prey to all the get-rich-quick
    schemes.
  • Update your security software regularly.
  • Have a strong password and change it regularly.
    Try not to use the same one for all your
    accounts.
  • Shred your important papers before throwing them
    out.